By generating thousands of domains daily and registering just a few of them, cybercriminals manage to retain full control over a least a portion of their networks, even if some of their domains are taken offline.

Spamhaus’ global team of security researchers is able to trace connections between criminal networks, malicious domains and compromised IP addresses. This enables us to gain visibility of malicious domains as soon as they are registered.

Our researchers reverse engineer malware to reveal DGA domains and the times that they are due to be used, allowing us to block them before the criminals start using them.

Because we know that all the listed domains are bad, with zero false positives, our domain-based data can also be used to identify infected computers on your network by showing you which machines have tried to connect to Spamhaus-listed domains.